Job Description: SOC L3
The Security Operations Center (SOC) is responsible for monitoring, detecting, analyzing, and performing incident response to cyber threats against applications, platforms, networks, and information. The environment includes local area networks and wide area networks (LAN/WAN), Internet connections, public-facing services and websites, wireless, mobile/cellular, cloud-based applications and services (IaaS, PaaS, SaaS), security devices, servers, end-user workstations and laptops, production manufacturing systems, and various other third-party connections and services.
Duties include:
- Administer and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents effectively.
- Configure and customize SIEM rules, alerts, dashboards, and reports to meet the organization's security requirements and compliance standards.
- Perform regular health checks, tuning, and optimization of SIEM infrastructure to ensure optimal performance and maximum effectiveness.
- Monitor SIEM logs and alerts, investigate security incidents, and provide expert-level analysis and response to security events.
- Collaborate with SOC analysts to triage, prioritize, and escalate security incidents based on severity and impact.
- Conduct regular SIEM platform upgrades, patches, and version migrations, following best practices and change management processes.
- Develop and maintain SIEM documentation, including configuration guides, standard operating procedures (SOPs), and knowledge base articles.
- Provide mentorship and training to junior team members and SOC analysts on SIEM administration best practices and techniques.
- Coordinate with vendors and internal stakeholders for SIEM platform integrations, upgrades, and troubleshooting as needed.
- Stay current with emerging SIEM technologies, trends, and threats, and make recommendations for continuous improvement of the SIEM environment.
- Implement and manage Data Loss Prevention (DLP) solutions to safeguard sensitive data and prevent unauthorized data exfiltration.
- Administer Endpoint Detection & Response (EDR) systems to detect, investigate, and remediate security threats on endpoints.